From ab7478727bd544521f57dc14c61d4e1edfc58a9d Mon Sep 17 00:00:00 2001 From: Niels Werensteijn Date: Thu, 13 Oct 2016 17:11:03 +0200 Subject: [PATCH] updated "simple" examples to be ipv4 and ipv6 capable --- examples/simple/create-fw.sh | 49 +++++++++++++++++++++++------------- examples/simple/delete-fw.sh | 37 +++++++++++++++++---------- 2 files changed, 55 insertions(+), 31 deletions(-) diff --git a/examples/simple/create-fw.sh b/examples/simple/create-fw.sh index 19e40b7..740b245 100755 --- a/examples/simple/create-fw.sh +++ b/examples/simple/create-fw.sh @@ -1,15 +1,28 @@ #!/bin/bash sudo modprobe xt_ts3init +if [ "$1" == "4" ] +then + IPTABLES=iptables + IPFAMILY=inet +elif [ "$1" == "6" ] +then + IPTABLES=ip6tables + IPFAMILY=inet6 +else + echo "specify either 4 or 6 as a parameter for ipv4 or ipv6"; + exit -1 +fi + #create an autorized ts3 client ip set. #perhaps create the set with more than the default 1024 entries -sudo ipset create ts3_authorized hash:ip timeout 30 || { echo "ipset not installed or there is a problem with it"; exit -1; } +sudo ipset create ts3_authorized${1} hash:ip family ${IPFAMILY} timeout 30 || { echo "ipset not installed or there is a problem with it"; exit -1; } #create new chain that handles ts3 -sudo iptables -N TS3_UDP_TRAFFIC -sudo iptables -N TS3_TCP_TRAFFIC -sudo iptables -N TS3_ACCEPT_NEW -sudo iptables -N TS3_UPDATE_AUTHORIZED +sudo ${IPTABLES} -N TS3_UDP_TRAFFIC +sudo ${IPTABLES} -N TS3_TCP_TRAFFIC +sudo ${IPTABLES} -N TS3_ACCEPT_NEW +sudo ${IPTABLES} -N TS3_UPDATE_AUTHORIZED RANDOM_FILE_NAME=random.data if [ ! -f "${RANDOM_FILE_NAME}" ] 
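Review bot: The usage branch added at the top of create-fw.sh prints its message to stdout and ends with `exit -1`, which bash reports as status 255 and other shells reject outright; `echo "usage: $0 4|6" >&2; exit 1` would be the conventional form for a caller that checks the status. The same branch is repeated verbatim in the delete-fw.sh hunk and has the same issue there. The chain names stay unsuffixed while the set becomes `ts3_authorized${1}`; that works because iptables and ip6tables keep separate chain tables, but a short comment saying so would spare the next reader the question, e.g. `#chains do not need a suffix: iptables and ip6tables have separate tables`. The `if [ ! -f "${RANDOM_FILE_NAME}" ]` on the hunk's last line opens a block whose body lies outside this hunk.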
@@ -20,34 +33,34 @@ fi RANDOM_FILE=`pwd`/${RANDOM_FILE_NAME} #disable connection tracking for ts3 server -sudo iptables -t raw -A PREROUTING -p udp --dport 9987 -j CT --notrack +sudo ${IPTABLES} -t raw -A PREROUTING -p udp --dport 9987 -j CT --notrack #move ts3 traffic to TS3_TRAFFIC chain, and filetransfer to TCP chain -sudo iptables -A INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC -sudo iptables -A INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC +sudo ${IPTABLES} -A INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC +sudo ${IPTABLES} -A INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC #Allow authorized clients on UDP -sudo iptables -A TS3_UDP_TRAFFIC -m set --match-set ts3_authorized src -j TS3_UPDATE_AUTHORIZED +sudo ${IPTABLES} -A TS3_UDP_TRAFFIC -m set --match-set ts3_authorized${1} src -j TS3_UPDATE_AUTHORIZED #Allow 3.0.19 and up clients -sudo iptables -A TS3_UDP_TRAFFIC -p udp -m ts3init_get_cookie --min-client 1459504131 -j TS3INIT_SET_COOKIE --seed-file ${RANDOM_FILE} +sudo ${IPTABLES} -A TS3_UDP_TRAFFIC -p udp -m ts3init_get_cookie --min-client 1459504131 -j TS3INIT_SET_COOKIE --seed-file ${RANDOM_FILE} #add new connection if cookie is valid -sudo iptables -A TS3_UDP_TRAFFIC -p udp -m ts3init_get_puzzle --check-cookie --seed-file ${RANDOM_FILE} -j TS3_ACCEPT_NEW +sudo ${IPTABLES} -A TS3_UDP_TRAFFIC -p udp -m ts3init_get_puzzle --check-cookie --seed-file ${RANDOM_FILE} -j TS3_ACCEPT_NEW #drop the rest -sudo iptables -A TS3_UDP_TRAFFIC -j DROP +sudo ${IPTABLES} -A TS3_UDP_TRAFFIC -j DROP #add new connection to authorized src -sudo iptables -A TS3_ACCEPT_NEW -j SET --add-set ts3_authorized src -sudo iptables -A TS3_ACCEPT_NEW -p udp -j TS3INIT_RESET +sudo ${IPTABLES} -A TS3_ACCEPT_NEW -j SET --add-set ts3_authorized${1} src +sudo ${IPTABLES} -A TS3_ACCEPT_NEW -p udp -j TS3INIT_RESET #Allow authorized clients on TCP -sudo iptables -A TS3_TCP_TRAFFIC -m set --match-set ts3_authorized src -j ACCEPT -sudo iptables -A TS3_TCP_TRAFFIC -j DROP +sudo ${IPTABLES} -A 
TS3_TCP_TRAFFIC -m set --match-set ts3_authorized${1} src -j ACCEPT +sudo ${IPTABLES} -A TS3_TCP_TRAFFIC -j DROP #update timeout in set and allow traffic -sudo iptables -A TS3_UPDATE_AUTHORIZED -j SET --add-set ts3_authorized src --exist -sudo iptables -A TS3_UPDATE_AUTHORIZED -j ACCEPT +sudo ${IPTABLES} -A TS3_UPDATE_AUTHORIZED -j SET --add-set ts3_authorized${1} src --exist +sudo ${IPTABLES} -A TS3_UPDATE_AUTHORIZED -j ACCEPT diff --git a/examples/simple/delete-fw.sh b/examples/simple/delete-fw.sh index 023b1ea..01d0ecd 100755 --- a/examples/simple/delete-fw.sh +++ b/examples/simple/delete-fw.sh @@ -1,19 +1,30 @@ #!/bin/bash -#clear up iptables -sudo iptables -t raw -D PREROUTING -p udp --dport 9987 -j CT --notrack -sudo iptables -D INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC -sudo iptables -D INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC +if [ "$1" == "4" ] +then + IPTABLES=iptables +elif [ "$1" == "6" ] +then + IPTABLES=ip6tables +else + echo "specify either 4 or 6 as a parameter for ipv4 or ipv6"; + exit -1 +fi -sudo iptables -F TS3_UDP_TRAFFIC -sudo iptables -F TS3_TCP_TRAFFIC -sudo iptables -F TS3_ACCEPT_NEW -sudo iptables -F TS3_UPDATE_AUTHORIZED +#clear up ${IPTABLES} +sudo ${IPTABLES} -t raw -D PREROUTING -p udp --dport 9987 -j CT --notrack +sudo ${IPTABLES} -D INPUT -p udp --dport 9987 -j TS3_UDP_TRAFFIC +sudo ${IPTABLES} -D INPUT -p tcp --dport 30033 -j TS3_TCP_TRAFFIC -sudo iptables -X TS3_UDP_TRAFFIC -sudo iptables -X TS3_TCP_TRAFFIC -sudo iptables -X TS3_ACCEPT_NEW -sudo iptables -X TS3_UPDATE_AUTHORIZED +sudo ${IPTABLES} -F TS3_UDP_TRAFFIC +sudo ${IPTABLES} -F TS3_TCP_TRAFFIC +sudo ${IPTABLES} -F TS3_ACCEPT_NEW +sudo ${IPTABLES} -F TS3_UPDATE_AUTHORIZED + +sudo ${IPTABLES} -X TS3_UDP_TRAFFIC +sudo ${IPTABLES} -X TS3_TCP_TRAFFIC +sudo ${IPTABLES} -X TS3_ACCEPT_NEW +sudo ${IPTABLES} -X TS3_UPDATE_AUTHORIZED #delete the ipset -sudo ipset destroy ts3_authorized +sudo ipset destroy ts3_authorized${1}
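Review bot: The rewritten rules still pass `--seed-file ${RANDOM_FILE}` unquoted, and `RANDOM_FILE` is built from `` `pwd` `` on the preceding context line, so the `ts3init_get_cookie` and `ts3init_get_puzzle` rules break when the script is run from a directory whose path contains whitespace; quote it as `--seed-file "${RANDOM_FILE}"` on both lines. The IPv6 path also presumes that the ts3init matches and the `TS3INIT_SET_COOKIE`/`TS3INIT_RESET` targets are registered for the ip6 family; I cannot confirm that from this diff, and if they are not, `ip6tables` rejects those two rules and, since no rule line is error-checked, the chain silently keeps only the set match and the unconditional DROP. Appending `|| exit 1` to the rule lines, or at least to the two ts3init rules, would make that failure visible instead of leaving a half-built ruleset. These rules are top-level statements with no enclosing block.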
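Review bot: The comment rewritten to `#clear up ${IPTABLES}` looks like a mechanical search-and-replace that also hit the comment text; a comment does not expand variables, so it should say what it means, e.g. `#clear up the iptables/ip6tables rules for the selected family`. The usage branch at the top has the same stdout/`exit -1` problem noted on the create-fw.sh hunk. Destroying `ts3_authorized${1}` only after the chains referencing it are flushed and deleted is the right order, since ipset refuses to destroy a set that a rule still references; a one-line comment such as `#must come last: the set cannot be destroyed while a rule references it` would keep a future edit from reordering it.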